From afaf95bb133ec8a577f87abfa4158f51677cd3c4 Mon Sep 17 00:00:00 2001
From: Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net>
Date: Wed, 16 Apr 2003 20:22:12 +0000
Subject: Random XSS exploit

git-svn-id: file:///svn/phpbb/trunk@3855 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/db/mysql.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/includes/db/mysql.php')

diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php
index f670c8e682..1da5ee2622 100644
--- a/phpBB/includes/db/mysql.php
+++ b/phpBB/includes/db/mysql.php
@@ -429,7 +429,7 @@ class sql_db
 			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
 			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
 
-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . $this_page . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
+			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
 			trigger_error($message, E_USER_ERROR);
 		}
 
-- 
cgit v1.2.1